Public Private Partnerships - Case Studies Part 1
The government of the United States, through the Department of Defense (DoD), developed the internet through ARPANET. In 1990 the US government decommissioned ARPANET and removed security restrictions allowing private and commercial entities to utilize the internet infrastructure. To maintain and keep developing the global internet infrastructure (while keeping it safe and secure), the United States government maintains a "public-private partnership," with several entities, including ICANN and IETF. Another private sector partnership spearheaded by the Securities and Exchange Commission (SEC) seeks to develop cybersecurity for private-sector infrastructures.
PARTNERSHIP TO DEVELOP ARPANET (INTERNET)
- The United States Department of Defense (DoD) awarded contracts in the early 1960s to build packet network systems. This initiative led to the development of the ARPANET (which became the "first network" infrastructure to use IP addresses).
- The Department of Defense is an executive department of the government of the United States.
- The global internet started as a project funded by the US government. During the late 1960s, the Advanced Research Projects Agency Network (ARPANET) was set up to facilitate the sharing of digital resources between computers.
- After developing an infrastructure for communication-based on several protocols such as TCP and IP, the "ARPANET was decommissioned in 1990." Restrictions (security limitations) regarding the use of the internet were removed, leading to the growth of private connections and commercial traffic that rode on backbones of retail/commercial internet service providers (ISPs).
- By the 1990s, the network started by the DoD had grown to become a "worldwide networking infrastructure."
- In 1994, the United States National Science Foundation, which also significantly controlled and managed the infrastructure of the internet as of then, subcontracted DNS (domain name system) management to a private organization.
PARTNERSHIP TO MAINTAIN THE INTERNET/ASSIGN PROTOCOLS
- After collaborating with the private sector to develop the internet infrastructure, the United States government partnered with the private sector to secure it.
- Way back since 1997, the United States' Department of Commerce maintained a "public-private partnership" with the Internet Corporation for Assigned Names and Numbers (ICANN). It also collaborated with IETF. These partnerships were meant to keep the internet safe, secure, stable, and interoperable.
- In 2016, the United States government/Department of Commerce stopped overseeing the internet's naming system. This task was given up to a non-profit organization. Before the handover, the government, through the Internet Corporation for Assigned Names and Numbers (ICANN), controlled the IP addresses and domain names assigned to various communication nodes.
- Participants from across the world now design policies related to the internet's unique identifiers and its naming system. A "public-private partnership," with ICANN helps to perform some contracted functions under the United States' Department of Commerce. These functions keep the internet "stable, secure, and interoperable."
- The US government and research agencies once exclusively controlled domain name service. Today, several operators in the private sector have adopted the technology and own root domain name servers.
- Apart from ICANN, NASA, US DoD, and the US Army Research Lab, which still operate root naming servers. Several private organizations such as VeriSign Global Registry Services, the University of Southern California, among other private sector organizations now control some 13 root servers. These servers form the foundation of the internet.
PKI/CYBERSECURITY FOR PRIVATE SECTOR INFRASTRUCTURE
- To keep the global internet secure, the Department of Defense (DoD) has developed a Public Key Infrastructure. This infrastructure gets utilized frequently for the United States classified communications, Federal Inter-Agency communications, and Interoperable Inter-Agency communications (at the federal, state, and local levels). The private sector has also adopted it for commercial use.
- In compliance with the Homeland Security Presidential Directive 12, DoD developed a Public Key Infrastructure (PKI) with e-business capabilities. This framework can be used to manage electronic/digital identities and associated credentials. It can also be used to manage critical materials for users, servers, applications, and network components.
- The DoD declared that PKI had acquired "initial operational" capabilities as of November 2011. Three development spirals of PKI were implemented between 2009 and 2014.
- Today, PKI is widely used, as the safeguarding of private networks/keys is critically essential. PKIs often get used in the authentication and authorization process for web applications; PKIs help in server identification, as well as electronic document and form signing. Other uses of PKI include its applications in VPNs, S/MIME email signing as well as encryption, etc.
- Distributed PKI helps in managing several "critical vulnerabilities" in cybersecurity. This technology makes cyber access more transparent and more difficult to compromise.
- Apart from the enterprise Public Key Infrastructure (PKI) (Public CA) servers available, several organizations now implement their PKI infrastructure. This technology has given rise to Private/Public Key Infrastructures (Private PKI) adopted by the private sector for blockchain distributed infrastructures,
- The United States government, through the Securities and Exchange Commission (SEC), is also implementing a Public-Private Partnership (PPP) on cybersecurity. This partnership aims at keeping private-sector infrastructures secure.
- According to the Center for Strategic and International Studies Commission on Cybersecurity, unique types of threats confront power grids, financial institutions due to leaking confidential information. The integrity of public as well as private sector network infrastructure is crucial to national security.
- The private sector has adopted cybersecurity solutions. These solutions were initiatives of the DoD (such as PKI).
- Private sector organizations control a significant part of the critical infrastructure vulnerable to cyber threats. Many of the companies that own vital infrastructure have cybersecurity programs. They have specific expertise as well as experience in handling potential risks.
- Through a new partnership aimed to secure vulnerable infrastructure, the Securities and Exchange Commission (SEC) has designed a framework. This framework mandates that significant cybersecurity risks, as well as incidents, are disclosed to investors. This partnership is necessary because The operators in the public sector have various strengths/advantages.
- The United States government has motivated industry groups to label themselves as cybersecurity compliant so that consumers can make "smart choices about what they're buying."
The research reviewed several government publications, such as articles of Pennsylvania State University, etc. The study investigated several technologies, such as IP protocols/IP infrastructure, PKI (public key infrastructure), domain name service, cybersecurity frameworks, etc. The study also examined the various stages of the internet were public-private partnership has helped the United States federal government to build capacity. Partnerships to incubate technology and transfer the same to the private sector for adoption were also investigated. Due to the time frame of some adopted technologies, two resources older than the usual 24-month credibility range are in the study. PKI was developed way back in 2011 by the Department of Defense (DoD).